[Snort-users] Pulledpork doesn't disable some rules
C. L. Martinez
carlopmart at ...11827...
Tue Apr 15 02:28:36 EDT 2014
On Mon, Apr 14, 2014 at 5:11 PM, waldo kitty <wkitty42 at ...14940...> wrote:
> On 4/14/2014 3:32 AM, C. L. Martinez wrote:
>> removed 55 temporary snort files or directories from /tmp/tha_rules!
>> Processing /data/config/etc/idpsuricata02/pulledpork/disablesid.conf....
>> Disabled 1:2009005
>> Disabled 1:2011582
>> Modified 2 rules
>> Setting Flowbit State....
>> WARN - 1:2011582 is re-enabled by a check of the
>> ET.http.javaclient.vulnerable flowbit!
>> Uhmm .. How can I avoid this situation??
> disable the rules that rely on that flowbit as well as the rule(s) that set it...
Thanks waldo and YM. After seeing the different possibilities, I am
using threshold.conf to disable this alert.
More information about the Snort-users